Skip to content

Release 0.10.0
Compare
Choose a tag to compare
@woodruffw woodruffw released this 09 Jan 19:46
· 553 commits to main since this release
v0.10.0
This tag was signed with the committer’s verified signature.
woodruffw William Woodruff
SSH Key Fingerprint: EeRlzHThJexQSIWNa8tDW9bI11zXFJ+4cCY/kG/afBU Learn about vigilant mode.
6658152
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.

Added

  • sigstore now supports the -v/--verbose flag as an alternative to
    SIGSTORE_LOGLEVEL for debug logging
    (#372)

  • The sigstore verify identity has been added, and is functionally
    equivalent to the existing sigstore verify subcommand.
    sigstore verify is unchanged, but will be marked deprecated in a future
    stable version of sigstore-python
    (#379)

  • sigstore now has a public, importable Python API! You can find its
    documentation here
    (#383)

  • sigstore --staging is now the intended way to request Sigstore's staging
    instance, rather than per-subcommand options like sigstore sign --staging.
    The latter is unchanged, but will be marked deprecated in a future stable
    version of sigstore-python
    (#383)

  • The per-subcommand options --rekor-url and --rekor-root-pubkey have been
    moved to the top-level sigstore command. Their subcommand forms are unchanged
    and will continue to work, but will be marked deprecated in a future stable
    version of sigstore-python
    (#381)

  • sigstore verify github has been added, allowing for verification of
    GitHub-specific claims within given certificate(s)
    (#381)

Assets 9
Loading